I figured it would happen for a few hours, since they had sent a bunch of emails, but it's been a week now and they're still getting it.

According to Mail Delivery Reports, in the last 24 hours they've sent 10 emails, 9 of which Failed+Deferred. But when looking through the list, it looks like the 9 failed emails failed because of this same error; they can't send an email because they've had too many bounce, and when they try to send another one, it bounces and adds to the percentage.

How long do they need to wait before sending any emails before it will clear up? It looks like they're waiting 24 hours or more, and that's not enough.

Further, how do I disable this feature entirely? Under Tweak Settings, I've set the following, which I thought would disable it, but it doesn't:

Staff Member

Re: Domain example.com has exceeded the max defers and failures per hour (5

Could it instead be hitting this option in WHM > Exim Configuration Manager?

Ratelimit incoming connnections with only failed recipients [?]
Ratelimit incoming SMTP connections that have only sent to failed recipients five seperate connnection times in the last hour.

Click to expand...

The setting is five as listed in the text and the 5/5 for the message you are showing in /var/log/exim_mainlog appears to indicate it might be this setting rather than the defer one in WHM > Tweak Settings that is applying.

Re: Domain example.com has exceeded the max defers and failures per hour (5

Sorry for the delay in replying. For whatever reason, I didn't get the email notifications that anyone had replied to this thread.

Tristan, the "ratelimit incoming connections..." that you mentioned only had an "on / off" option. I turned it off and asked the client to try again, but they reported back that they still get the same error message:

Staff Member

Re: Domain example.com has exceeded the max defers and failures per hour (5

Could you submit a ticket to us at this time? The only idea I had was the one in Exim Configuration Manager. They shouldn't still be denied for sending emails like this unless something else is blocking them. We'll need server access to investigate, so a ticket is the best approach.

Domain example.com has exceeded the max defers and failures per hour (5/5)

Click to expand...

I would be happy if cpanel staff could clarify:

What does the (5/5) really mean? Does it mean that every 5 messages are being checked? Can this limit be increased?

The "per hour" means any period of 60 minutes (Eg: if current time is 13:15, then hour = 13:15 to 14:15) or does it mean the current ongoing hour. (Eg: if current time is 13:15, then hour = 13:00 to 14:00)

I am sure I had read a feature request or thread from some regular poster a couple of months back. I dont think it had a clarification. Couldnt find it though.

Ok. so heres the clarification through a cpanel support ticket (Support Request Id 3978549)

Question:
The "per hour" means any period of 60 minutes (Eg: if current time is 13:15, then hour = 13:15 to 14:15)
-or-
does it mean the current ongoing hour. (Eg: if current time is 13:15, then hour = 13:00 to 14:00)

Click to expand...

Answer:
Seth Daughenbaug:
The "per hour" means "in the past 60 minutes". When a defer or failure happens, if there are additional failures in the past 60 minutes, +1 is added to this count.

Lets say you are trying to send out 60 emails, one each minute.

If the first 5 emails go through without an error, then the next one fails, that would be the first failure. So, in the first 6 minutes, you have 1 failure.

The next 10 emails go through fine,

but then 4 emails after that fail. At this point, you have reached the 5 failure limit.
At this point, it has been 20 minutes all together. However, the first failure was 6 minutes in.

The domain sending out the emails would not be able to send any further email until an hour has past since the first failure. In this cause, you would need to wait 46 minutes to send another email, as the first failure would drop off at that point, leaving you with 4 failures in the past hour. I hope this makes sense.

Click to expand...

Question: What does the (5/5) really mean? Does it mean that every 5 messages are being checked? Can this limit be increased?

One of my users is getting the error: Domain has exceeded the max defers and failures per hour (9/5 (75%)) allowed. Message discarded.

Click to expand...

Answer:
Brian Dial:

Percentage counts do not start until there have been 5 defers or failures. This is what the (x/5) is indicating in the logs. The measurement of defers and failures kicks in once 5 defers or failures have occurred.

As an example, if a user sends out 9 emails and three of them are deferred, you should see a (3/5) in the logs. If you have a 25% threshold on suspending email sending, even though 33% of this user's messages have bounced, that user will still be able to send email because 5 messages haven't bounced yet. The percentage of failures kicks in after 5 total failures.

In your latest example, (9/5) is just showing you the total number of failures for that user, which is 9. Five is just threshold at which the percentage of tallying starts. The 75% indicates that 75% of this user's messages have failed. From this we can determine that the user has sent 12 total messages, and 9 of them (75%) have failed or been deferred.

Currently the only measurement to base these restrictions on is a percentage of failed messages. There is no way to set this to a specific number of messages, as it is based entirely on a percentage of mail sent per user.

I hope this clears some things up. If not, please post back and I will be happy to elaborate.

deleting /var/cpanel/email_send_limits/max_deferfail_example.com also worked for me but the file kept coming back! it looks like chmod 444 on /var/cpanel/email_send_limits/ is preventing the file from coming back again

Could you submit a ticket to us at this time? The only idea I had was the one in Exim Configuration Manager. They shouldn't still be denied for sending emails like this unless something else is blocking them. We'll need server access to investigate, so a ticket is the best approach.

Click to expand...

I submitted a ticket and was sent a link to this. How do I whitelist a domain or user to not get these errors?